Snarkey.Identity (snarkey v0.1.0)

Copy Markdown View Source

Blind identity hashing for unlinkable user identifiers.

Uses HMAC-SHA256 with a server-held pepper to produce identifiers that cannot be correlated without access to the pepper.

Summary

Functions

Produces a blind identifier by HMAC-SHA256(pepper, raw_id).

Performs constant-time dummy work to defend against timing attacks on non-existent user lookups.

Functions

blind(raw_id, opts \\ [])

Produces a blind identifier by HMAC-SHA256(pepper, raw_id).

The pepper is sourced from Application.get_env(:snarkey, :pepper) or the :pepper option. If neither is available, raises ArgumentError.

Options

  • :pepper — HMAC key. Overrides the application env value.

Examples

iex> blind = Snarkey.Identity.blind("user@example.com", pepper: "super-secret")
iex> is_binary(blind)
true
iex> byte_size(blind)
32

dummy_work()

Performs constant-time dummy work to defend against timing attacks on non-existent user lookups.

Should be called when a lookup for a blind identifier returns no results, to ensure the response time is indistinguishable from a successful lookup.

Examples

iex> Snarkey.Identity.dummy_work()
:ok